CovertBand uses high-frequency audio to place people in a room and track a person's movements using the speakers and microphones that are found in many smartphones, laptops and other devices.
Researchers have demonstrated how hackers could track a person's movements using the speakers and microphones that are found in many smartphones, laptops and other devices. According to research by the University of Washington, hackers could embed a high-frequency sound in audio recordings that acts as a sonar. Sound waves would bounce off people and objects and this is picked up by a microphone.Read more
Apple is well-known for its maniacal approach to security, but it turns out not even the Cupertino heavyweight is safe from breaches: Popular YouTuber EverythingApplePro has stumbled upon a miniature hacking device that can crack the passcode of any iPhone 7 handset.
The device has a fairly compact size, but what is even more impressive is that, thanks to its three USB ports, it has the capacity to brute-force passcodes on three devices at the same time. To pull this off, EverythingApplePro says the creators of the tool exploited a loophole in the phone’s data recovery state that allows users to enter as many password attempts as they need.Read more
A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.
State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed. Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password.Read more
A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The hacker, identified only as xerub, told that the key unlocks only the SEP firmware, and that this would not impact user data.
“Everybody can look and poke at SEP now,” xerub said. Apple did confirm that if the key was legitimate, that user data would not be at risk from this leak. Apple has reportedly yet to confirm the validity of the key. The Secure Enclave, as explained in the iOS Security Guide, is a coprocessor onto itself inside the mobile operating system.Read more
Several HBO Twitter accounts were hacked and taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security.
OurMine took control of the main HBO Twitter account on Wednesday, as well as those for TV shows including Game of Thrones and Girls, posting its usual statement: “Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security.” The messages from OurMine were removed within an hour of their appearance, with HBO seemingly taking back control of its accounts. An HBO spokesperson said the TV network was “investigating” the hack.Read more
It appears that the hackers behind the WannaCry ransomware may be back at work. LG's service centers in South Korea were reportedly hit by a ransomware attack earlier in the week, with authorities revealing that the ransomware's malicious code was "identical" to WannaCry.
Users of LG's South Korean self-service kiosks were reportedly experiencing issues accessing the service. The issue was then reported by LG to the state-run Korea Internet and Security Agency, who confirmed the ransomware attack. "More investigation is still needed to determine the exact cause," KISA said in a statement, the Korea Herald reported.Read more
A botched wireless update for a remotely accessible smart lock system has bricked hundreds of them. The locks suffered a “fatal error,” according to device’s manufacturer LockState, rendering them unable to locked. Customers are asked to either return impacted locks for repair, or request a replacement.
“We realize the impact that this issue may have on you and your business and we are deeply sorry. Every employee and resource at LockState is focused on resolving this for you as quickly as possible,” wrote Nolan Mondrow, CEO of LockState in an email sent to customers last week. More than 500 customers using model 6000i RemoteLocks are impacted.Read more
Attackers infiltrated the update mechanism for a popular server management software package as recently as last month and modified it to include a backdoor.
NetSarang, which has headquarters in South Korea and the United States, has removed the backdoored update, but not before it was activated on at least one victim’s machine in Hong Kong. Some of its customers include large enterprises operating in a number of industries, including financial services, energy, retail, technology, media and more. Researchers said they privately disclosed this issue to the provider in July after finding suspicious DNS requests on a customer’s network in the financial services space.Read more
Russian-speaking cyberespionage group APT28, also known as Sofacy, is believed to be behind a series of attacks last month against travelers staying in hotels in Europe and the Middle East. APT28 notably used the NSA hacking tool EternalBlue as part of its scheme to steal credentials from business travelers, according to a report released Friday by security firm FireEye.
One of the goals of the attack is to trick guests to download a malicious document masquerading as a hotel reservation form that, if opened and macros are enabled, installs a dropper file that ultimately downloads malware called Gamefish.Read more
Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.
"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub." This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.Read more